Iso Iec 20000-1 Delta Checklist
Iso Iec 20000-1 Delta Checklist
Iso Iec 20000-1 Delta Checklist
NSF International
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 1 of 13
ISO/IEC 20000-1 Information Technology - Service Management registration provides a set of uniform requirements for a service management system. Several quality
management principles including a strong customer focus, support of top management, the process approach and continual improvement form the basis for the
standard.
Important Dates
September 14, 2018: ISO/IEC 20000-1:2018 was published by ISO, beginning the three-year transition period.
March 30, 2020: Last date for initial audits to the 2011 version. After this date, we will no longer be allowed to perform recertifications to the 2011 version.
June 15, 2021: Target date for all clients to schedule their transition audits.
September 30, 2021: The three-year transition period ends, and all ISO/IEC 20000-1:2011 certifications expire.
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 2 of 13
ISO/IEC 20000-1:2018 Upgrade Planner and Delta Checklist
Instructions:
1. Highlighted areas should be completed by the Client Organization prior to the off-site review, or on-site Gap Analysis or Upgrade Audit, and submitted to the NSF-ISR Lead Auditor for
review.
2. Completion by the Client Organization should include the final statement of readiness for Upgrade by the Top Management of the Client Organization.
3. The columns for “Planned Completion Date” and Responsibility” may be used by the Client Organization to develop their plan for upgrading their SMS to the requirements of ISO/IEC
20000-1:2018.
4. All other areas of the Checklist are required to be completed by the NSF-ISR Lead Auditor to confirm the effective implementation of the Client Organization’s ISO/IEC 20000-1:2018
Service Management System.
5. The Lead Auditor shall sign the appropriate sections at the end of the Checklist to indicate: whether the Client Organization is Ready/Not Ready for Upgrade Audit (Off-site review),
AND the final approval of the SMS in meeting the requirements of ISO/IEC 20000-1:2018 (during the on-site Upgrade Audit)
6. This checklist shall be submitted by the NSF-ISR Lead Auditor as one of the records of the ISO/IEC 20000-1:2018 Upgrade for the Client Organization.
Organization Name:
Organization Address:
1st Shift :
Number of Personnel: 2nd Shift :
3rd Shift :
Temp. / Part-time :
Other locations included in this registration:
Management Contact:
Name and Revision Status of QMS
documentation:
FRS Number:
Off-site Review Date (Desk Audit):
Audit Dates (on-site):
Lead Auditor / Audit Team:
Scope of Registration:
ISO/IEC 20000-1:2018 Clauses that are Not
Applicable to the scope of the SMS (4.3):
The interval between the client Delta Review and the Upgrade Audit should not exceed 90 days.
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 3 of 13
IMPORTANT: It is required that your Organization’s registered ISO/IEC 20000-1:2011 SMS remains compliant with that version of the Standard
until the Transition to ISO/IEC 20000-1:2018 is complete and verified by the NSF-ISR Lead Auditor.
Level of
Reference Document
Completion Planned
(Name / Rev. Level)
Question / Requirement 0=Not Started Completion Responsibility NSF-ISR Lead Auditor Review Comments
OR
10=Completed Date
Records
& Implemented
4. Context of the organization
Evidence of determination of
Understanding the Organization
and its Context (4.1)
How does your organization
address:
any internal and
external factors affecting the
organization and its ability to
achieve the intended
outcomes?
any interested
parties and their
requirements?
How does your organization
address the requirements to
"establish, implement, maintain
and continually improve a service
management system (SMS)"?
5. Leadership
delivering value to
customers?
control of other parties
involved in the service lifecycle?
integrating SMS requirements
into the organization's processes?
assigning and communicating
responsibilities?
continual improvement?
Question / Requirement Level of Planned Responsibilit Reference Document NSF-ISR Lead Auditor Review Comments
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 4 of 13
Completion
0=Not Started (Name / Rev. Level)
Completion
10=Complete y OR
Date
d& Records
Implemented
6. Planning
How does your organization’s system
address:
Additional requirements
added regarding planning
considerations for the SMS?
Establishing service
management objectives at all
relevant levels?
Managing risks?
Identifying opportunities?
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 5 of 13
knowledge management?
Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 6 of 13
Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented
8.3 Relationship and agreement
How does your organization’s system
address:
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 7 of 13
Level of
Reference Document
Completion Planned
Responsibilit (Name / Rev. Level)
Question / Requirement 0=Not Started Completion NSF-ISR Lead Auditor Review Comments
y OR
10=Completed Date
Records
& Implemented
8.6 Resolution and fulfilment
Updated requirements
regarding monitoring and
measurement?
Requirement that the
management review shall include
consideration of measured
performance and effectiveness of
the SMS and the services?
10. Improvement
How does your organization’s system
address:
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 8 of 13
New/changed requirements
added regarding nonconformity
and corrective action?
Requirement that evaluation
criteria be aligned with the service
management objectives?
Approval Name / Title Signature Date
Client Organization Top Management
attests readiness for Upgrade to ISO/IEC
20000-1:2018
NSF-ISR Lead Auditor Approval of
Compliance to ISO/IEC 20000-1:2018 at
On-site Upgrade Audit.
The completed Checklist shall be submitted by the NSF-ISR Lead Auditor as a supplement to the ISO/IEC 20000-1:2018 Audit Report for the transition audit
only.
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 9 of 13
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 10 of 13
ISO/IEC 20000-1:2018 ISO/IEC 20000-1:2011
(New updated standard) (Old standard)
4 Context of the organization 4.1 Management responsibility
4.5.1 Define scope
4.5.2 Plan the SMS (Plan)
7.1 Business relationship management
4.1 Understanding the organization and its New clause
Context
4.2 Understanding the needs and expectations of 4.1.4 Management representative
interested parties 7.1 Business relationship management
4.3 Determining the scope of the service 4.5.1 Define scope
management system
4.4 Service management system 4.1.1 Management commitment
4.5.3 Implement and operate the SMS (Do)
5 Leadership 4.1 Management responsibility
5.1 Leadership and commitment 4.1.1 Management commitment
5.2 Policy 4.1.2 Service management policy
5.2.2 Communicating the service management 4.1.2 Service management policy
policy
5.3 Organizational roles, responsibilities and 4.1.3 Authority, responsibility and communication
Authorities 4.1.4 Management representative
6 Planning 4.1.1 Management commitment
4.5.2 Plan the SMS (Plan)
6.6.1 Information security policy
6.1 Actions to address risk and opportunities 4.1.1 Management commitment
4.5.2 Plan the SMS (Plan)
6.6.1 Information security policy
6.2 Service management objectives and planning 4.1.1 Management commitment
to achieve them
6.2.1 Establish objectives 4.1.1 Management commitment
6.2.2 Plan to achieve objectives New clause
6.3 Plan the service management system 4.5.2 Plan the SMS (Plan)
7 Support of the service management system 4.1 Management responsibility
4.3 Documentation management
4.4 Resource management
7.1 Resources 4.4.1 Provision of resources
7.2 Competence 4.4.2 Leadership
7.3 Awareness 4.1.1 Management commitment
4.1.2 Service management policy
4.4.2 Human resource
7.4 Communication 4.1.3 Authority, responsibility and communication
7.5 Documented information 4.3 Documentation management
7.5.1 General 4.3.1 Establish and maintain documents
7.5.2 Creating and updating documented 4.3.2 Control of documents
Information
7.5.3 Control of documented information 4.3.2 Control of documents
4.3.3 Control of records
7.5.4 Service management system documented 4.3.1 Establish and maintain documents
Information
7.6 Knowledge New clause
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 11 of 13
8 Operation 4 Service management system general requirements
5 Design and transition of new or changed
services
6 Service delivery processes
7 Relationship processes
8 Resolution processes
9 Control processes
8.1 Operational planning and control 4.1.4 Management representative
4.2 Governance of processes operated by other
parties
4.5.3 Implement and operate the SMS (Do)
9.2 Change management
8.2 Service portfolio 4.1.4 Management representative
4.2 Governance of processes operated by other
parties
4.5.3 Implement and operate the SMS (Do)
5.2 Plan new or changed services
6.1 Service level management
9.1 Configuration management
8.2.1 Service delivery 4.5.3 Implement and operate the SMS (Do)
8.2.2 Plan the services 4.1.4 Management representative
5.2 Plan new or changed services
8.2.3 Control of parties involved in the service 4.2 Governance of processes operated by other
lifecycle parties
5.2 Plan new or changed services
8.2.4 Service catalogue management 6.1 Service level management
8.2.5 Asset management 4.1.4 Management representative
8.2.6 Configuration management 9.1 Configuration management
8.3 Relationship and agreement 6.1 Service level management
6.2 Service reporting
7 Relationship processes
8.3.1 General 7.2 Supplier management
8.3.2 Business relationship management 6.2 Service reporting
7.1 Business relationship management
8.3.3 Service level management 6.1 Service level management
6.2 Service reporting
8.3.4 Supplier management 6.1 Service level management
7.2 Supplier management
8.3.4.1 Management of external suppliers 7.2 Supplier management
8.3.4.2 Management of internal suppliers and 6.1 Service level management
customers acting as a supplier
8.4 Supply and demand 6.4 Budgeting and accounting for services
6.5 Capacity management
8.4.1 Budgeting and accounting for services 6.4 Budgeting and accounting for services
8.4.2 Demand management 6.5 Capacity management
8.4.3 Capacity management 6.5 Capacity management
8.5 Service design build and transition 5 Design and transition of new or changed
services
9 Control processes
8.5.1 Change management 5.1 Design and transition of new or changed
services, General
6.3 Service continuity and availability management
6.6 Information security management
9.2 Change management
8.5.1.1 Change management policy 9.2 Change management
8.5.1.2 Change management initiation 5.1 Design and transition of new or changed
services, General
9.2 Change management
8.5.1.3 Change management activities 6.3.2 Service continuity and availability plans
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 12 of 13
6.3.3 Service continuity and availability monitoring
and testing
9.2 Change management
9.3 Release and deployment management
8.5.2 Service design and transition 5 Design and transition of new or changed
services
6.2 Service reporting
8.5.2.1 Plan new or changed services 5.2 Plan new or changed services
8.5.2.2 Design 5.3 Design and development of new or changed
services
8.5.2.3 Build and transition 5.3 Design and development of new or changed
services
5.4 Transition of new or changed services
6.2 Service reporting
8.5.3 Release and deployment management 9.1 Configuration management
9.3 Release and deployment management
8.6 Resolution and fulfilment 8.1 Incident and service request management
8.2 Problem management
8.6.1 Incident management 6.2 Service reporting
8.1 Incident and service request management
8.6.2 Service request management 8.1 Incident and service request management
8.6.3 Problem management 8.2 Problem management
8.7 Service assurance 6.3 Service continuity and availability management
6.6 Information security management
8.7.1 Service availability management 6.3 Service continuity and availability management
8.7.2 Service continuity management 6.2 Service reporting
6.3 Service continuity and availability management
8.7.3 Information security management 6.6 Information security management
8.7.3.1 Information security policy 6.6.1 Information security policy
8.7.3.2 Information security controls 6.6.2 Information security controls
8.7.3.3 Information security incidents 6.6.3 Information security changes and incidents
9 Performance evaluation 4.5.4 Monitor and review the SMS (Check)
6.2 Service reporting
9.1 Monitoring, measurement, analysis and 4.5.4.1 Monitor and review the SMS (Check), General
evaluation
9.2 Internal audit 4.5.4.1 Monitor and review the SMS (Check), General
4.5.4.2 Internal audit
6.2 Service reporting
9.3 Management review 4.5.4.1 Monitor and review the SMS (Check), General
4.5.4.3 Management review
9.4 Service reporting 6.2 Service reporting
10 Improvement 4.5.5 Maintain and improve the SMS (Act)
10.1 Nonconformity and corrective action 4.5.4.2 Internal audit
4.5.5.1 Maintain and improve the SMS (Act), General
6.2 Service reporting
10.2 Continual improvement 4.5.5.1 Maintain and improve the SMS (Act), General
4.5.5.2 Management of improvements
Document #: 20519; Revision: 01; Status: Release; Release Date: 20 Aug 2019; Printed on: 2 Aug 2021
This is a confidential document and may be reproduced only with the permission of NSF. Page 13 of 13